Patchstack | Most viewed

46702 matches found

Patchstack
added 2025/10/09 10:16 p.m. | 20 views

WordPress Slider Revolution plugin <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read vulnerability

Missing Authorization to Authenticated (Contributor+) Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions <= 6.7.37...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00346
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/06/11 12:0 a.m. | 20 views

WordPress Flozen Theme < 1.5.1 is vulnerable to Arbitrary File Upload

Software: Flozen | Type: Theme | Vulnerable versions: < 1.5.1 | Fixed in: 1.5.1 | OWASP Top 10: A3: Injection | Classification: Arbitrary File Upload | CVE: CVE-2025-49071 | Patch priority: High | CVSS severity: High 10 | Developer: Claim ownership | PSID: b0bba867fa7b | Credits: Phat RiO - BlueRock | Required privilege: Unauthenticat...

CVSS: 10 | AI score: 7.2 | EPSS: 0.00447
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/06/05 1:47 a.m. | 20 views

WordPress Video Embeds plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Fore-Z co.ltd in WordPress Plugin Video Embeds versions <= 0.1.1...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00174
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/03/14 9:50 p.m. | 20 views

WordPress Traveler plugin <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post vulnerability

Unauthenticated Local File Inclusion via hotel_alone_load_more_post vulnerability discovered by István Márton in WordPress Theme Traveler versions <= 3.1.8...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.00614
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/03/03 1:31 p.m. | 20 views

WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability

CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Recapture for WooCommerce versions <= 1.0.43...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00168
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/02/21 12:0 a.m. | 20 views

WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by LVT-tholv2k in WordPress Plugin Theme File Duplicator versions <= 1.3...

CVSS: 9.9 | AI score: 7 | EPSS: 0.00428
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/11/26 12:0 a.m. | 20 views

WordPress Otter - Gutenberg Block Plugin <= 3.0.6 is vulnerable to Path Traversal

Software: Otter - Gutenberg Block | Type: Plugin | Vulnerable versions: <= 3.0.6 | Fixed in: 3.0.7 | OWASP Top 10: A4: Insecure Design | Classification: Path Traversal | CVE: CVE-2024-11219 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: 16f94f193561 | Credits: mikemyers | Required privilege...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00507
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/26 12:0 a.m. | 20 views

WordPress Paid Member Subscriptions Plugin <= 2.13.0 is vulnerable to Arbitrary Code Execution

Software: Paid Member Subscriptions | Type: Plugin | Vulnerable versions: <= 2.13.0 | Fixed in: 2.13.1 | OWASP Top 10: A3: Injection | Classification: Arbitrary Code Execution | CVE: CVE-2024-10261 | Patch priority: High | CVSS severity: High 7.3 | Developer: Claim ownership | PSID: da8c77c26afb | Credits: Arkadiusz Hydzik | Require...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.00441
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/22 12:0 a.m. | 20 views

WordPress ITERAS Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: ITERAS | Type: Plugin | Vulnerable versions: <= 1.7.0 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-53710 | Patch priority: Low | CVSS severity: Low 7.1 | Developer: Claim ownership | PSID: fe46f5e0e01b | Credits: SOPROBRO | Required privilege...

AI score: 6.6 | EPSS: 0.00177
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/21 12:0 a.m. | 20 views

WordPress Sky Addons for Elementor Plugin <= 2.6.1 is vulnerable to Sensitive Data Exposure

Software: Sky Addons for Elementor | Type: Plugin | Vulnerable versions: <= 2.6.1 | Fixed in: 2.6.2 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-9542 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Shahidul Islam | PSID: d2ce76706206 | Credits: Nishiv | Required...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.003
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/14 12:0 a.m. | 20 views

WordPress WP Activity Log Plugin <= 5.2.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Activity Log | Type: Plugin | Vulnerable versions: <= 5.2.1 | Fixed in: 5.2.2 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-10793 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Melapress | PSID: ad9533377437 | Credits: mikemyers | Required...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.01293
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/14 12:0 a.m. | 20 views

WordPress WPvivid Backup and Migration Plugin <= 0.9.107 is vulnerable to PHP Object Injection

Software: WPvivid Backup and Migration | Type: Plugin | Vulnerable versions: <= 0.9.107 | Fixed in: 0.9.108 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-10962 | Patch priority: Low | CVSS severity: Low 9.8 | Developer: Claim ownership | PSID: b2861821d90b | Credits: Webbernaut | Required...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00635
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/13 12:0 a.m. | 20 views

WordPress Disable Admin Notices individually Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Disable Admin Notices individually | Type: Plugin | Vulnerable versions: <= 1.3.5 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-52420 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: efd85849f48f | Credits...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00189
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/12 12:0 a.m. | 20 views

WordPress Razorpay Payment Button Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software: Razorpay Payment Button | Type: Plugin | Vulnerable versions: <= 2.4.6 | Fixed in: 2.4.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-10851 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 88605e5d5760 | Credits: Peter...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00491
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/08 12:0 a.m. | 20 views

WordPress SKT Addons for Elementor Plugin <= 3.3 is vulnerable to Sensitive Data Exposure

Software: SKT Addons for Elementor | Type: Plugin | Vulnerable versions: <= 3.3 | Fixed in: 3.4 | OWASP Top 10: A3: Injection | Classification: Sensitive Data Exposure | CVE: CVE-2024-10693 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 3577352f604c | Credits: Francesco Carlucci | Required...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.003
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/11/08 12:0 a.m. | 20 views

WordPress WPLMS Theme <= 4.962 is vulnerable to Path Traversal

Software: WPLMS | Type: Theme | Vulnerable versions: <= 4.962 | Fixed in: 4.963 | OWASP Top 10: A3: Injection | Classification: Path Traversal | CVE: CVE-2024-10470 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 63557cc0ea32 | Credits: Foxyyy | Required privilege: Unauthenticated | Published: 8...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.33856
Exploits: 2 | References: 2 | Affected Software: 1

Patchstack
added 2024/11/04 12:0 a.m. | 20 views

WordPress CF7 WOW Styler Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)

Software: CF7 WOW Styler | Type: Plugin | Vulnerable versions: <= 1.6.8 | Fixed in: 1.6.9 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-51689 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Tobias | PSID: 34b5f0049a13 | Credits: Le Ngoc Anh | Required privilege...

CVSS: 7.1 | AI score: 7 | EPSS: 0.00259
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/29 12:0 a.m. | 20 views

WordPress FileOrganizer Plugin <= 1.0.9 is vulnerable to Arbitrary File Upload

Software: FileOrganizer | Type: Plugin | Vulnerable versions: <= 1.0.9 | Fixed in: 1.1.0 | OWASP Top 10: A1: Injection | Classification: Arbitrary File Upload | CVE: CVE-2024-7985 | Patch priority: High | CVSS severity: High 7.5 | Developer: Claim ownership | PSID: 9a28a4363098 | Credits: TANG Cheuk Hei siunam | Required privilege...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.02235
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/25 12:0 a.m. | 20 views

WordPress ScottCart Plugin <= 1.1 is vulnerable to Remote Code Execution (RCE)

Software: ScottCart | Type: Plugin | Vulnerable versions: <= 1.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Remote Code Execution (RCE) | CVE: CVE-2024-50492 | Patch priority: High | CVSS severity: High 8.3 | Developer: Claim ownership | PSID: bd1f778da3e5 | Credits: Mika | Required privilege: Unauthenticated...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.0135
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/24 12:0 a.m. | 20 views

WordPress WP Adminify Plugin <= 4.0.1.6 is vulnerable to Cross Site Scripting (XSS)

Software: WP Adminify | Type: Plugin | Vulnerable versions: <= 4.0.1.6 | Fixed in: 4.0.1.7 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-8959 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: a2bca67b8648 | Credits: Francesco Carlucci...

CVSS: 6.4 | AI score: 5.7 | EPSS: 0.00353
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/24 12:0 a.m. | 20 views

WordPress BuddyPress Plugin <= 14.1.0 is vulnerable to Directory Traversal

Software: BuddyPress | Type: Plugin | Vulnerable versions: <= 14.1.0 | Fixed in: 14.2.1 | OWASP Top 10: A3: Injection | Classification: Directory Traversal | CVE: CVE-2024-10011 | Patch priority: High | CVSS severity: High 9.9 | Developer: Claim ownership | PSID: 06408034e9a6 | Credits: Domons | Required privilege: Subscriber | Publish...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.00914
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/23 12:0 a.m. | 20 views

WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WC Marketplace | Type: Plugin | Vulnerable versions: <= 4.2.4 | Fixed in: 4.2.5 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-9943 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: bfdf428207b9 | Credits: wesley wcraft | Require...

CVSS: 6.3 | AI score: 6.6 | EPSS: 0.00192
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/21 12:0 a.m. | 20 views

WordPress Mega Elements Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software: Mega Elements | Type: Plugin | Vulnerable versions: <= 1.2.6 | Fixed in: 1.2.7 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-49693 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: d1a9c6f9c436 | Credits: João Pedro S Alcântara Kinorth | Required...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00254
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/21 12:0 a.m. | 20 views

WordPress 3D Work In Progress Plugin <= 1.0.3 is vulnerable to Arbitrary File Deletion

Software: 3D Work In Progress | Type: Plugin | Vulnerable versions: <= 1.0.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Arbitrary File Deletion | CVE: CVE-2024-49657 | Patch priority: High | CVSS severity: High 7.7 | Developer: Claim ownership | PSID: 209728d5f5a9 | Credits: stealthcopter | Required privilege...

CVSS: 7.7 | AI score: 6.8 | EPSS: 0.00387
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/18 12:0 a.m. | 20 views

WordPress Author Discussion Plugin <= 0.2.2 is vulnerable to SQL Injection

Software: Author Discussion | Type: Plugin | Vulnerable versions: <= 0.2.2 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-49609 | Patch priority: High | CVSS severity: High 8.5 | Developer: Claim ownership | PSID: 126e44ab20dc | Credits: João Pedro S Alcântara Kinorth | Required privile...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00432
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/18 12:0 a.m. | 20 views

WordPress Easy Post Types Plugin <= 1.4.4 is vulnerable to PHP Object Injection

Software: Easy Post Types | Type: Plugin | Vulnerable versions: <= 1.4.4 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-10079 | Patch priority: High | CVSS severity: High 8.8 | Developer: Claim ownership | PSID: da4c9b968b4a | Credits: István Márton | Required privilege: Subscribe...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00779
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/14 12:0 a.m. | 20 views

WordPress Htaccess File Editor Plugin <= 1.0.18 is vulnerable to Broken Access Control

Software: Htaccess File Editor | Type: Plugin | Vulnerable versions: <= 1.0.18 | Fixed in: 1.0.19 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-49256 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: d6dd94150ebc | Credits: savphill | Require...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00365
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/14 12:0 a.m. | 20 views

WordPress Wsify Widget Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Wsify Widget | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-48048 | Patch priority: Low | CVSS severity: Low 7.1 | Developer: Claim ownership | PSID: 8cbe83f02c6b | Credits: Joshua Chan | Required privilege...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.00152
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/10/09 12:0 a.m. | 20 views

WordPress Tainacan Plugin <= 0.21.8 is vulnerable to SQL Injection

Software: Tainacan | Type: Plugin | Vulnerable versions: <= 0.21.8 | Fixed in: 0.21.9 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-48040 | Patch priority: High | CVSS severity: High 8.5 | Developer: Tainacan Community | PSID: 8db23d195d90 | Credits: Trương Hữu Phúc truonghuuphuc | Required privilege...

CVSS: 8.5 | AI score: 6.8 | EPSS: 0.0053
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/09 12:0 a.m. | 20 views

WordPress SB Random Posts Widget Plugin <= 1.0 is vulnerable to Local File Inclusion

Software: SB Random Posts Widget | Type: Plugin | Vulnerable versions: <= 1.0 | Fixed in: 1.1 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2024-48029 | Patch priority: Low | CVSS severity: Low 7.5 | Developer: Claim ownership | PSID: 4e7fd324ea44 | Credits: João Pedro S Alcântara Kinorth | Required...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00544
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/08 12:0 a.m. | 20 views

WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection

Software: LatePoint | Type: Plugin | Vulnerable versions: <= 5.0.11 | Fixed in: 5.0.12 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-8911 | Patch priority: High | CVSS severity: High 9.8 | Developer: Claim ownership | PSID: 26726ee6dc78 | Credits: István Márton | Required privilege: Unauthenticated...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02823
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/10/08 12:0 a.m. | 20 views

WordPress Limit Login Attempts Plugin <= 5.3 is vulnerable to Bypass Vulnerability

Software: Limit Login Attempts | Type: Plugin | Vulnerable versions: <= 5.3 | Fixed in: 5.4 | OWASP Top 10: A4: Insecure Design | Classification: Bypass Vulnerability | CVE: CVE-2022-4534 | Patch priority: Low | CVSS severity: Low 5.3 | Developer: Claim ownership | PSID: 03e4ff962fd9 | Credits: rezaduty | Required privilege: | Publishe...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00332
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/10/01 12:0 a.m. | 20 views

WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download

Software: Hello World | Type: Plugin | Vulnerable versions: <= 2.1.1 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Arbitrary File Download | CVE: CVE-2024-9224 | Patch priority: High | CVSS severity: High 6.5 | Developer: Claim ownership | PSID: 936cc3342bfb | Credits: yudha | Required privilege...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01397
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/30 12:0 a.m. | 20 views

WordPress Copyscape Premium Plugin <= 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Copyscape Premium | Type: Plugin | Vulnerable versions: <= 1.3.9 | Fixed in: 1.4.0 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-47644 | Patch priority: Low | CVSS severity: Low 7.1 | Developer: Claim ownership | PSID: 44e490f9b2ae | Credits: Abdi Pranata...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.00247
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/30 12:0 a.m. | 20 views

WordPress GiveWP Plugin <= 3.16.2 is vulnerable to PHP Object Injection

Software: GiveWP | Type: Plugin | Vulnerable versions: <= 3.16.2 | Fixed in: 3.16.3 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-8353 | Patch priority: High | CVSS severity: High 10 | Developer: Liquid Web / StellarWP | PSID: ab27727ec281 | Credits: cuokon | Required privilege: Unauthenticated...

CVSS: 10 | AI score: 9.5 | EPSS: 0.29101
Exploits: 3 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/30 12:0 a.m. | 20 views

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software: JobSearch | Type: Plugin | Vulnerable versions: <= 2.5.9 | Fixed in: 2.6.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-47394 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Claim ownership | PSID: 2995ae22faae | Credits: Bonds | Required privilege: Unauthenticat...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00292
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/09/25 12:0 a.m. | 20 views

WordPress Elements kit Elementor addons Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)

Software: Elements kit Elementor addons | Type: Plugin | Vulnerable versions: <= 3.2.7 | Fixed in: 3.2.8 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-8546 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Wpmet | PSID: 43112ffb0d64 | Credits: zer0gh0st | Required...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00418
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/24 12:0 a.m. | 20 views

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.3 is vulnerable to SQL Injection

Software: WordPress Meta Data and Taxonomies Filter (MDTF) | Type: Plugin | Vulnerable versions: <= 1.3.3.3 | Fixed in: 1.3.3.4 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-8624 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Claim ownership | PSID: 72c934040045 | Credits: Krzysztof Zając...

CVSS: 9.9 | AI score: 6.9 | EPSS: 0.00482
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 20 views

WordPress Fusion Builder Plugin <= 3.11.9 is vulnerable to Cross Site Scripting (XSS)

Software: Fusion Builder | Type: Plugin | Vulnerable versions: <= 3.11.9 | Fixed in: 3.11.10 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5628 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 3ab369f1b5cb | Credits: wesley wcraft | Required...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00303
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/13 12:0 a.m. | 20 views

WordPress Triton Lite Theme <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software: Triton Lite | Type: Theme | Vulnerable versions: <= 1.3 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-5789 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 97a12617cc1a | Credits: Francesco Carlucci | Required...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00257
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/09/12 12:0 a.m. | 20 views

WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection

Software: LearnPress | Type: Plugin | Vulnerable versions: <= 4.2.7 | Fixed in: 4.2.7.1 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-8529 | Patch priority: High | CVSS severity: High 9.3 | Developer: Claim ownership | PSID: 137696734fbf | Credits: abrahack | Required privilege: Unauthenticated | Publish...

CVSS: 10 | AI score: 6.8 | EPSS: 0.11831
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2024/09/04 12:0 a.m. | 20 views

WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS)

Software: The Ultimate WordPress Toolkit – WP Extended | Type: Plugin | Vulnerable versions: <= 3.0.8 | Fixed in: 3.0.9 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-8119 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: WP Extended | PSID: b2e7aa754f90...

CVSS: 6.1 | AI score: 8.4 | EPSS: 0.00401
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/29 12:0 a.m. | 20 views

WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.8 is vulnerable to Broken Access Control

Software: WP Accessibility Helper (WAH) | Type: Plugin | Vulnerable versions: <= 0.6.2.8 | Fixed in: 0.6.2.9 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-5987 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Alexander Volkov | PSID: d7cc8b0ae32e | Credits: Lucio Sá...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00264
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/29 12:0 a.m. | 20 views

WordPress Custom Query Blocks Plugin <= 5.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: Custom Query Blocks | Type: Plugin | Vulnerable versions: <= 5.3.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-44059 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Claim ownership | PSID: 3fa2441e978e | Credits: 4rCanJ0x! | Required privilege...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00248
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 20 views

WordPress Greenshift Query and Meta Addon Plugin < 3.9.2 is vulnerable to SQL Injection

Software: Greenshift Query and Meta Addon | Type: Plugin | Vulnerable versions: < 3.9.2 | Fixed in: 3.9.2 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-43942 | Patch priority: High | CVSS severity: High 8.5 | Developer: Claim ownership | PSID: 13adc6d175b5 | Credits: Dave Jong Patchstack | Required...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00441
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 20 views

WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Settings Change

Software: Z Y N I T H | Type: Plugin | Vulnerable versions: <= 7.4.9 | Fixed in: N/A | OWASP Top 10: A1: Broken Access Control | Classification: Settings Change | CVE: CVE-2024-43939 | Patch priority: Medium | CVSS severity: Medium 6.5 | Developer: Claim ownership | PSID: 7f62f3b06158 | Credits: Dave Jong Patchstack | Required...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00334
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/26 12:0 a.m. | 20 views

WordPress SendGrid for WordPress Plugin <= 1.4 is vulnerable to SQL Injection

Software: SendGrid for WordPress | Type: Plugin | Vulnerable versions: <= 1.4 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-43965 | Patch priority: High | CVSS severity: High 8.2 | Developer: Claim ownership | PSID: 897d693aed88 | Credits: Ananda Dhakal Patchstack | Required privilege...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.0188
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/08/19 12:0 a.m. | 20 views

WordPress LiteSpeed Cache Plugin <= 6.3.0.1 is vulnerable to Privilege Escalation

Software: LiteSpeed Cache | Type: Plugin | Vulnerable versions: <= 6.3.0.1 | Fixed in: 6.4 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2024-28000 | Patch priority: High | CVSS severity: High 9.8 | Developer: Hai Zheng / Lite Speed Cache | PSID: b9efa0ab6b82...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.67925
Exploits: 8 | References: 3 | Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. | 20 views

WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: oik | Type: Plugin | Vulnerable versions: <= 4.12.0 | Fixed in: 4.12.1 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-43356 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Claim ownership | PSID: 865f6e2dc335 | Credits: Abdi Pranata | Required privile...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00172
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/08/16 12:0 a.m. | 20 views

WordPress EmbedPress Plugin <= 4.0.9 is vulnerable to Local File Inclusion

Software: EmbedPress | Type: Plugin | Vulnerable versions: <= 4.0.9 | Fixed in: 4.0.10 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2024-43328 | Patch priority: High | CVSS severity: High 8.3 | Developer: Claim ownership | PSID: 8a6dffdf0163 | Credits: Rafie Muhammad Patchstack | Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.0047
Exploits: 0 | References: 2 | Affected Software: 1

Total number of security vulnerabilities: 5000